/[gentoo]/xml/htdocs/doc/en/quick-samba-howto.xml
Gentoo

Contents of /xml/htdocs/doc/en/quick-samba-howto.xml

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.13 - (hide annotations) (download) (as text)
Sat Dec 18 16:08:58 2004 UTC (10 years ago) by neysx
Branch: MAIN
Changes since 1.12: +2 -2 lines
File MIME type: application/xml
#74837 (typo)

1 vapier 1.7 <?xml version='1.0' encoding='UTF-8'?>
2 neysx 1.13 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/quick-samba-howto.xml,v 1.12 2004/11/24 22:24:25 neysx Exp $ -->
3 swift 1.1 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4     <guide link="quick-samba-howto.xml">
5 swift 1.3 <title>Gentoo Samba3/CUPS/Clam AV HOWTO</title>
6 swift 1.1 <author title="Author">
7     <mail link="daff at dword dot org">Andreas "daff" Ntaflos</mail>
8     </author>
9     <author title="Author">
10     <mail link="joshua@sungentoo.homeunix.com">Joshua Preston</mail>
11     </author>
12    
13     <abstract>
14 swift 1.3 Setup, install and configure a Samba Server under Gentoo that shares
15     files, printers without the need to install drivers and provides
16 swift 1.1 automatic virus scanning.
17     </abstract>
18    
19     <!-- The content of this document is licensed under the CC-BY-SA license -->
20     <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
21     <license/>
22    
23 neysx 1.12 <version>1.9</version>
24     <date>2004-11-24</date>
25 swift 1.1
26     <chapter>
27     <title>Introduction to this HOWTO</title>
28     <section>
29     <title>Purpose</title>
30     <body>
31    
32     <p>
33     This HOWTO is designed to help you move a network from many different
34 neysx 1.5 clients speaking different languages, to many different machines that
35 swift 1.1 speak a common language. The ultimate goal is to help differing
36 swift 1.3 architectures and technologies, come together in a productive,
37     happily coexisting environment.
38 swift 1.1 </p>
39    
40     <p>
41     Following the directions outlined in this HOWTO should give you an
42     excellent step towards a peaceful cohabitation between Windows, and
43     virtually all known variations of *nix.
44     </p>
45    
46     <p>
47     This HOWTO originally started not as a HOWTO, but as a FAQ. It was
48     intended to explore the functionality and power of the Gentoo system,
49     portage and the flexibility of USE flags. Like so many other projects,
50     it was quickly discovered what was missing in the Gentoo realm: there
51     weren't any Samba HOWTO's catered for Gentoo users. These users are
52     more demanding than most; they require performance, flexibility and
53     customization. This does not however imply that this HOWTO was not
54     intended for other distributions; rather that it was designed to work
55     with a highly customized version of Samba.
56     </p>
57    
58     <p>
59     This HOWTO will describe how to share files and printers between Windows
60     PCs and *nix PCs. It will also demonstrate the use of the VFS (Virtual
61     File System) feature of Samba to incorporate automatic virus protection.
62     As a finale, it will show you how to mount and manipulate shares.
63     </p>
64    
65     <p>
66     There are a few topics that will be mentioned, but are out of the
67     scope of this HOWTO. These will be noted as they are presented.
68     </p>
69    
70     <p>
71     This HOWTO is based on a compilation and merge of an excellent HOWTO
72     provided in the <uri link="http://forums.gentoo.org">Gentoo forums</uri>
73     by Andreas "daff" Ntaflos and the collected knowledge of Joshua Preston.
74     The link to this discussion is provided below for your reference:
75     </p>
76    
77     <ul>
78     <li>
79     <uri link="http://forums.gentoo.org/viewtopic.php?t=110931">HOWTO
80     CUPS+Samba: printing from Windows &amp; Linux</uri>
81     </li>
82     </ul>
83    
84     </body>
85     </section>
86     <section>
87     <title>Before you use this guide</title>
88     <body>
89    
90     <p>
91 neysx 1.5 There are a several other guides for setting up CUPS and/or Samba, please read
92     them as well, as they may tell you things left out of this HOWTO (intentional
93     or otherwise). One such document is the very useful and well written <uri
94     link="/doc/en/printing-howto.xml">Gentoo Printing Guide</uri>, as configuration
95     issues and specific printer setup is not discussed here.
96 swift 1.1 </p>
97    
98     </body>
99     </section>
100     <section>
101     <title>Brief Overview</title>
102     <body>
103    
104     <p>
105     After presenting the various USE flags, the following list will outline
106     all of the topics covered as they are presented:
107     </p>
108    
109     <ul>
110     <li>On the Samba server:
111     <ul>
112     <li>Install and configure CLAM-AV</li>
113     <li>Install and configure Samba</li>
114     <li>Install and configure CUPS</li>
115     <li>Adding the printer to CUPS</li>
116     <li>Adding the PS drivers for the Windows clients</li>
117     </ul>
118     </li>
119     <li>On the Unix clients:
120     <ul>
121     <li>Install and configure CUPS</li>
122     <li>Configuring a default printer</li>
123     <li>Mounting a Windows or Samba share</li>
124     </ul>
125     </li>
126     <li>On the Windows Clients:
127     <ul>
128     <li>Configuring the printer</li>
129     <li>Accessing Samba shares</li>
130     </ul>
131     </li>
132     </ul>
133    
134     </body>
135     </section>
136     <section>
137     <title>Requirements</title>
138     <body>
139    
140     <p>
141     We will need the following:
142     </p>
143    
144     <ul>
145     <li>net-fs/samba</li>
146 swift 1.6 <li>app-antivirus/clamav</li>
147 swift 1.1 <li>net-print/cups</li>
148     <li>net-print/foomatic</li>
149     <li>net-print/hpijs (if you have an HP printer)</li>
150     <li>A kernel of sorts (preferably 2.4.24+ or 2.6.x)</li>
151     <li>A printer (PS or non-PS, maybe not TOO new or fancy)</li>
152     <li>
153     A working network (home/office/etc) consisting of more than one machine)
154     </li>
155     </ul>
156    
157     <p>
158     The main package we use here is net-fs/samba, however, you will need
159     a kernel with smbfs support enabled in order to mount a samba or windows
160     share from another computer. CUPS will be emerged if it is not already.
161 swift 1.6 app-antivirus/clamav will be used also, but others should be easily adapted
162 swift 1.1 to work with Samba.
163     </p>
164    
165     </body>
166     </section>
167     </chapter>
168 neysx 1.5
169 swift 1.1 <chapter>
170     <title>Getting acquainted with Samba</title>
171     <section>
172     <title>The USE Flags</title>
173     <body>
174    
175     <p>
176     Before emerging anything, take a look at the various USE flags
177     available to Samba.
178     </p>
179    
180     <pre caption="Samba uses the following USE Variables:">
181     kerberos mysql xml acl cups ldap pam readline python oav
182     </pre>
183    
184     <p>
185     Depending on the network topology and the specific requirements of
186     the server, the USE flags outlined below will define what to include or
187     exclude from the emerging of Samba.
188     </p>
189    
190     <table>
191     <tr>
192     <th><b>USE flag</b></th>
193     <th>Description</th>
194     </tr>
195     <tr>
196     <th><b>kerberos</b></th>
197     <ti>
198     Include support for Kerberos. The server will need this if it is
199     intended to join an existing domain or Active Directory. See the note
200     below for more information.
201     </ti>
202     </tr>
203     <tr>
204     <th><b>mysql</b></th>
205     <ti>
206     This will allow Samba to use MySQL in order to do password authentication.
207     It will store ACLs, usernames, passwords, etc in a database versus a
208     flat file. If Samba is needed to do password authentication, such as
209     acting as a password validation server or a Primary Domain Controller
210     (PDC).
211     </ti>
212     </tr>
213     <tr>
214     <th><b>xml</b></th>
215     <ti>
216     The xml USE option for Samba provides a password database backend allowing
217     Samba to store account details in XML files, for the same reasons listed in
218     the mysql USE flag description.
219     </ti>
220     </tr>
221     <tr>
222     <th><b>acl</b></th>
223     <ti>
224     Enables Access Control Lists. The ACL support in Samba uses a patched
225     ext2/ext3, or SGI's XFS in order to function properly as it extends more
226     detailed access to files or directories; much more so than typical *nix
227     GID/UID schemas.
228     </ti>
229     </tr>
230     <tr>
231     <th><b>cups</b></th>
232     <ti>
233     This enables support for the Common Unix Printing System. This
234     provides an interface allowing local CUPS printers to be shared to
235     other systems in the network.
236     </ti>
237     </tr>
238     <tr>
239     <th><b>ldap</b></th>
240     <ti>
241     Enables the Lightweight Directory Access Protocol (LDAP). If Samba is
242     expected to use Active Directory, this option must be used. This would
243     be used in the event Samba needs to login to or provide login to
244     a Domain/Active Directory Server. The kerberos USE flag is needed for
245     proper functioning of this option.
246     </ti>
247     </tr>
248     <tr>
249     <th><b>pam</b></th>
250     <ti>
251     Include support for pluggable authentication modules (PAM). This
252     provides the ability to authenticate users on the Samba Server, which is
253     required if users have to login to your server. The kerberos USE flag
254     is recommended along with this option.
255     </ti>
256     </tr>
257     <tr>
258     <th><b>readline</b></th>
259     <ti>
260 neysx 1.13 Link Samba against libreadline. This is highly recommended and should
261 swift 1.1 probably not be disabled
262     </ti>
263     </tr>
264     <tr>
265     <th><b>python</b></th>
266     <ti>
267     Python bindings API. Provides an API that will allow Python to
268     interface with Samba.
269     </ti>
270     </tr>
271     <tr>
272     <th><b>oav</b></th>
273     <ti>
274     Provides on-access scanning of Samba shares with FRISK F-Prot
275     Daemon, Kaspersky AntiVirus, OpenAntiVirus.org ScannerDaemon, Sophos Sweep
276     (SAVI), Symantec CarrierScan, and Trend Micro (VSAPI).
277     </ti>
278     </tr>
279     </table>
280    
281     <p>
282     A couple of things worth mentioning about the USE flags and different
283     Samba functions include:
284     </p>
285    
286     <ul>
287     <li>
288     ACLs on ext2/3 are implemented through extended attributes (EAs). EA and
289     ACL kernel options for ext2 and/or ext3 will need to be enabled
290     (depending on which file system is being used - both can be enabled).
291     </li>
292     <li>
293     While Active Directory, ACL, and PDC functions are out of the intended
294     scope of this HOWTO, you may find these links as helpful to your cause:
295     <ul>
296     <li><uri>http://www.bluelightning.org/linux/samba_acl_howto/</uri></li>
297     <li><uri>http://open-projects.linuxcare.com/research-papers/winbind-08162000.html</uri></li>
298     <li><uri>http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory</uri></li>
299     </ul>
300     </li>
301     </ul>
302    
303     </body>
304     </section>
305     </chapter>
306 neysx 1.5
307 swift 1.1 <chapter>
308     <title>Server Software Installation</title>
309     <section>
310     <title>Emerging Samba</title>
311     <body>
312    
313     <p>
314     First of all: be sure that all your hostnames resolve correctly.
315     Either have a working domain name system running on your network
316 swift 1.3 or appropriate entries in your <path>/etc/hosts</path> file.
317     <c>cupsaddsmb</c> often borks if hostnames don't point to the correct
318     machines.
319 swift 1.1 </p>
320    
321     <p>
322     Hopefully now you can make an assessment of what you'll actually need in
323     order to use Samba with your particular setup. The setup used for this
324     HOWTO is:
325     </p>
326    
327     <ul>
328     <li>oav</li>
329     <li>cups</li>
330     <li>readline</li>
331     <li>pam</li>
332     </ul>
333    
334     <p>
335     To optimize performance, size and the time of the build, the
336     USE flags are specifically included or excluded.
337     </p>
338    
339     <pre caption="Emerge Samba">
340     <comment>(Note the USE flags!)</comment>
341     # <i>USE=&quot;oav readline cups pam -python -ldap -kerberos -xml -acl -mysql&quot; emerge net-fs/samba</i>
342     </pre>
343    
344     <note>
345     The following archs will need to add <e>~</e> to their <e>KEYWORDS</e>: x86,
346     ppc, sparc, hppa, ia64 and alpha
347     </note>
348    
349     <p>
350     This will emerge Samba and CUPS (if CUPS is not already emerged).
351     </p>
352    
353     </body>
354     </section>
355     <section>
356 swift 1.3 <title>Emerging Clam AV</title>
357 swift 1.1 <body>
358    
359     <p>
360 swift 1.3 Because the <e>oav</e> USE flag only provides an interface to allow on access
361 swift 1.1 virus scanning, the actual virus scanner must be emerged. The scanner
362 swift 1.3 used in this HOWTO is Clam AV.
363 swift 1.1 </p>
364    
365     <pre caption="Emerge clam-av">
366 swift 1.6 # <i>emerge app-antivirus/clamav</i>
367 swift 1.1 </pre>
368    
369     </body>
370     </section>
371     <section>
372     <title>Emerging foomatic</title>
373     <body>
374    
375     <pre caption="Emerge foomatic">
376     # <i>emerge net-print/foomatic</i>
377     </pre>
378    
379     </body>
380     </section>
381     <section>
382     <title>Emerging net-print/hpijs</title>
383     <body>
384    
385     <p>
386     You only need to emerge this if you use an HP printer.
387     </p>
388    
389     <pre caption="Emerge hpijs">
390 swift 1.2 # <i>emerge net-print/hpijs</i>
391 swift 1.1 </pre>
392    
393     </body>
394     </section>
395     </chapter>
396 neysx 1.5
397 swift 1.1 <chapter>
398     <title>Server Configuration</title>
399     <section>
400     <title>Configuring Samba</title>
401     <body>
402    
403     <p>
404     The main Samba configuration file is <path>/etc/samba/smb.conf</path>.
405     It is divided in sections indicated by [sectionname]. Comments are either
406     # or ;. A sample <path>smb.conf</path> is included below with comments and
407     suggestions for modifications. If more details are required, see the
408 swift 1.3 man page for <path>smb.conf</path>, the installed
409     <path>smb.conf.example</path>, the Samba Web site or any of the
410     numerous Samba books available.
411 swift 1.1 </p>
412    
413     <pre caption="A Sample /etc/samba/smb.conf">
414     [global]
415     <comment># Replace MYWORKGROUPNAME with your workgroup/domain</comment>
416     workgroup = <comment>MYWORKGROUPNAME</comment>
417     <comment># Of course this has no REAL purpose other than letting
418     # everyone know its not Windows!
419     # %v prints the version of Samba we are using.</comment>
420     server string = Samba Server %v
421     <comment># We are going to use cups, so we are going to put it in here ;-)</comment>
422     printcap name = cups
423     printing = cups
424     load printers = yes
425     <comment># We want a log file and we do not want it to get bigger than 50kb.</comment>
426     log file = /var/log/samba/log.%m
427     max log size = 50
428     <comment># We are going to set some options for our interfaces...</comment>
429     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
430     <comment># This is a good idea, what we are doing is binding the
431     # samba server to our local network.
432     # For example, if eth0 is our local network device</comment>
433     interfaces = lo <i>eth0</i>
434     bind interfaces only = yes
435     <comment># Now we are going to specify who we allow, we are afterall
436     # very security conscience, since this configuration does
437     # not use passwords!</comment>
438     hosts allow = 127.0.0.1 <i>192.168.1.0/24</i>
439     hosts deny = 0.0.0.0/0
440     <comment># Other options for this are USER, DOMAIN, ADS, and SERVER
441     # The default is user</comment>
442     security = share
443     <comment># No passwords, so we're going to use a guest account!</comment>
444     guest account = samba
445     guest ok = yes
446     <comment># We now will implement the on access virus scanner.
447     # NOTE: By putting this in our [Global] section, we enable
448     # scanning of ALL shares, you could optionally move
449     # these to a specific share and only scan it.</comment>
450 swift 1.8
451     <comment># For Samba 3.x</comment>
452     vfs object = vscan-clamav
453     vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
454    
455     <comment># For Samba 2.2.x</comment>
456 swift 1.1 vfs object = /usr/lib/samba/vfs/vscan-clamav.so
457     vfs options = config-file = /etc/samba/vscan-clamav.conf
458    
459     <comment># Now we setup our print drivers information!</comment>
460     [print$]
461     comment = Printer Drivers
462     path = /etc/samba/printer <comment># this path holds the driver structure</comment>
463 swift 1.10 guest ok = yes
464 swift 1.1 browseable = yes
465     read only = yes
466     <comment># Modify this to "username,root" if you don't want root to
467     # be the only printer admin)</comment>
468     write list = <i>root</i>
469    
470     <comment># Now we'll setup a printer to share, while the name is arbitrary
471     # it should be consistent throughout Samba and CUPS!</comment>
472     [HPDeskJet930C]
473     comment = HP DeskJet 930C Network Printer
474     printable = yes
475     path = /var/spool/samba
476     public = yes
477     guest ok = yes
478     <comment># Modify this to "username,root" if you don't want root to
479     # be the only printer admin)</comment>
480     printer admin = <i>root</i>
481    
482     <comment># Now we setup our printers share. This should be
483     # browseable, printable, public.</comment>
484     [printers]
485     comment = All Printers
486 swift 1.10 browseable = no
487 swift 1.1 printable = yes
488 swift 1.10 writable = no
489 swift 1.1 public = yes
490     guest ok = yes
491     path = /var/spool/samba
492     <comment># Modify this to "username,root" if you don't want root to
493     # be the only printer admin)</comment>
494     printer admin = <i>root</i>
495    
496     <comment># We create a new share that we can read/write to from anywhere
497     # This is kind of like a public temp share, anyone can do what
498     # they want here.</comment>
499     [public]
500     comment = Public Files
501     browseable = yes
502     public = yes
503     create mode = 0766
504     guest ok = yes
505     path = /home/samba/public
506     </pre>
507    
508 swift 1.3 <warn>
509     If you like to use Samba's guest account to do anything concerning
510     printing from Windows clients: don't set <c>guest only = yes</c> in
511     the <c>[global]</c> section. The guest account seems to cause
512     problems when running <c>cupsaddsmb</c> sometimes when trying to
513     connect from Windows machines. See below, too, when we talk about
514     <c>cupsaddsmb</c> and the problems that can arise. Use a dedicated
515     printer user, like <c>printeruser</c> or <c>printer</c> or
516     <c>printme</c> or whatever. It doesn't hurt and it will certainly
517     protect you from a lot of problems.
518     </warn>
519 swift 1.1
520     <p>
521     Now create the directories required for the minimum configuration of
522     Samba to share the installed printer throughout the network.
523     </p>
524    
525     <pre caption="Create the directories">
526     # <i>mkdir /etc/samba/printer</i>
527     # <i>mkdir /var/spool/samba</i>
528     # <i>mkdir /home/samba/public</i>
529     </pre>
530    
531     <p>
532     At least one Samba user is required in order to install the printer
533     drivers and to allow users to connect to the printer. Users must
534     exist in the system's <path>/etc/passwd</path> file.
535     </p>
536    
537     <pre caption="Creating the users">
538     # <i>smbpasswd -a root</i>
539    
540     <comment>(If another user is to be a printer admin)</comment>
541     # <i>smbpasswd -a username</i>
542     </pre>
543    
544     <p>
545     The Samba passwords need not be the same as the system passwords
546     in <path>/etc/passwd</path>.
547     </p>
548    
549 swift 1.9 <p>
550     You will also need to update <path>/etc/nsswitch.conf</path> so that Windows
551     systems can be found easily using NetBIOS:
552     </p>
553    
554     <pre caption="Editing /etc/nsswitch.conf">
555     # <i>nano -w /etc/nsswitch.conf</i>
556     <comment>(Edit the hosts: line)</comment>
557     hosts: files dns <i>wins</i>
558     </pre>
559    
560 swift 1.1 </body>
561     </section>
562     <section>
563 swift 1.3 <title>Configuring Clam AV</title>
564 swift 1.1 <body>
565    
566     <p>
567     The configuration file specified to be used in <path>smb.conf</path> is
568     <path>/etc/samba/vscan-clamav.conf</path>. While these options are set
569     to the defaults, the infected file action may need to be changed.
570     </p>
571    
572     <pre caption="/etc/samba/vscan-clamav.conf">
573     [samba-vscan]
574     <comment>; run-time configuration for vscan-samba using
575     ; clamd
576     ; all options are set to default values</comment>
577    
578     <comment>; do not scan files larger than X bytes. If set to 0 (default),
579     ; this feature is disable (i.e. all files are scanned)</comment>
580     max file size = 0
581    
582     <comment>; log all file access (yes/no). If set to yes, every access will
583     ; be logged. If set to no (default), only access to infected files
584     ; will be logged</comment>
585     verbose file logging = no
586    
587     <comment>; if set to yes (default), a file will be scanned while opening</comment>
588     scan on open = yes
589     <comment>; if set to yes, a file will be scanned while closing (default is yes)</comment>
590     scan on close = yes
591    
592     <comment>; if communication to clamd fails, should access to file denied?
593     ; (default: yes)</comment>
594     deny access on error = yes
595    
596 neysx 1.5 <comment>; if daemon fails with a minor error (corruption, etc.),
597 swift 1.1 ; should access to file denied?
598     ; (default: yes)</comment>
599     deny access on minor error = yes
600    
601     <comment>; send a warning message via Windows Messenger service
602     ; when virus is found?
603     ; (default: yes)</comment>
604     send warning message = yes
605    
606     <comment>; what to do with an infected file
607     ; quarantine: try to move to quantine directory; delete it if moving fails
608     ; delete: delete infected file
609     ; nothing: do nothing</comment>
610     infected file action = <comment>delete</comment>
611    
612     <comment>; where to put infected files - you really want to change this!
613     ; it has to be on the same physical device as the share!</comment>
614     quarantine directory = /tmp
615     <comment>; prefix for files in quarantine</comment>
616     quarantine prefix = vir-
617    
618     <comment>; as Windows tries to open a file multiple time in a (very) short time
619     ; of period, samba-vscan use a last recently used file mechanism to avoid
620     ; multiple scans of a file. This setting specified the maximum number of
621     ; elements of the last recently used file list. (default: 100)</comment>
622     max lru files entries = 100
623    
624 neysx 1.5 <comment>; an entry is invalidated after lru file entry lifetime (in seconds).
625 swift 1.1 ; (Default: 5)</comment>
626     lru file entry lifetime = 5
627    
628     <comment>; socket name of clamd (default: /var/run/clamd)</comment>
629     clamd socket name = /var/run/clamd
630     </pre>
631    
632     <p>
633     It is generally a good idea to start the virus scanner immediately. Add
634 swift 1.3 it to the <e>default</e> runlevel and then start the <c>clamd</c> service immediately.
635 swift 1.1 </p>
636    
637     <pre caption="Add clamd to bootup and start it">
638     # <i>rc-update add clamd default</i>
639     # <i>/etc/init.d/clamd start</i>
640     </pre>
641    
642     </body>
643     </section>
644     <section>
645     <title>Configuring CUPS</title>
646     <body>
647    
648     <p>
649 swift 1.3 This is a little more complicated. CUPS' main config file is
650 swift 1.1 <path>/etc/cups/cupsd.conf</path>. It's structure is similar to Apache's
651     <path>httpd.conf</path> file, so many you may find it familiar. Outlined
652     in the example are the directives that need to be changed:
653     </p>
654    
655     <pre caption="/etc/cups/cupsd.conf">
656     ServerName <i>PrintServer</i> <comment># your printserver name</comment>
657     ServerAdmin <i>root@PrintServer</i> <comment># the person for printer-related hate-mail, eg you</comment>
658    
659     AccessLog /var/log/cups/access_log <comment># probably doesn't need changing</comment>
660     ErrorLog /var/log/cups/error_log <comment># doesn't really need changing either</comment>
661    
662     LogLevel debug <comment># only while isntalling and testing, should later be
663     # changed to 'info'</comment>
664    
665     MaxClients 100 <comment># I've had to set this to 1000000000 or so because some time back,
666     # there seemed to be a bug in CUPS' controlling of the web interface,
667     # making CUPS think a denial of service attack was in progress when
668     # I tried to configure a printer with the web interface. weird.</comment>
669    
670     BrowseAddress @IF(<i>eth0</i>) <comment># Change this to your internal net interface</comment>
671    
672     &lt;Location /&gt;
673     Order Deny,Allow
674     Deny From All
675     Allow From <i>192.168.1.*</i> <comment># the addresses of your internel network
676     # eg 192.168.1.* will allow connections from any host on
677     # the 192.168.1.0 network. change to whatever suits you</comment>
678     &lt;/Location&gt;
679    
680     &lt;Location /admin&gt;
681     AuthType Basic
682     AuthClass System
683     Allow From <i>192.168.1.*</i> <comment># same as above, allow any host on the
684     # 192.168.1.0 network to connect and do
685     # administrative tasks after authenticating</comment>
686     Order Deny,Allow
687     Deny From All
688     &lt;/Location&gt;
689     </pre>
690    
691     <p>
692     Edit <path>/etc/cups/mime.convs</path> to uncomment some lines.
693 swift 1.3 The changes to <path>mime.convs</path> and <path>mime.types</path> are
694     needed to make CUPS print Microsoft Office document files.
695 swift 1.1 </p>
696    
697     <pre caption="/etc/cups/mime.convs">
698     <comment>(The following line is found near the end of the file. Uncomment it)</comment>
699     application/octet-stream application/vnd.cups-raw 0
700     </pre>
701    
702     <p>
703 neysx 1.12 Edit <path>/etc/cups/mime.types</path> to uncomment some lines.
704 swift 1.1 </p>
705    
706     <pre caption="/etc/cups/mime.types">
707     <comment>(The following line is found near the end of the file. Uncomment it)</comment>
708     application/octet-stream
709     </pre>
710    
711     <p>
712     CUPS needs to be started on boot, and started immediately.
713     </p>
714    
715     <pre caption="Setting up the CUPS service" >
716     <comment>(To start CUPS on boot)</comment>
717     # <i>rc-update add cupsd default</i>
718     <comment>(To start CUPS if it isn't started)</comment>
719     # <i>/etc/init.d/cupsd start</i>
720     <comment>(If CUPS is already started we'll need to restart it!)</comment>
721     # <i>/etc/init.d/cupsd restart</i>
722     </pre>
723    
724     </body>
725     </section>
726     <section>
727     <title>Installing a printer for and with CUPS</title>
728     <body>
729    
730     <p>
731 neysx 1.5 First, go to <uri link="http://linuxprinting.org">LinuxPrinting.Org</uri> to
732     find and download the correct PPD file for your printer and CUPS. To do so,
733     click the link Printer Listings to the left. Select your printers manufacturer
734     and the model in the pulldown menu, eg HP and DeskJet 930C. Click "Show". On
735     the page coming up click the "recommended driver" link after reading the
736     various notes and information. Then fetch the PPD file from the next page,
737     again after reading the notes and introductions there. You may have to select
738     your printers manufacturer and model again. Reading the <uri
739     link="http://www.linuxprinting.org/cups-doc.html">CUPS quickstart guide</uri>
740     is also very helpful when working with CUPS.
741 swift 1.1 </p>
742    
743     <p>
744     Now you have a PPD file for your printer to work with CUPS. Place it in
745     <path>/usr/share/cups/model</path>. The PPD for the HP DeskJet 930C was
746 swift 1.3 named <path>HP-DeskJet_930C-hpijs.ppd</path>. You should now install the printer.
747 swift 1.1 This can be done via the CUPS web interface or via command line. The web
748 swift 1.3 interface is found at <path>http://PrintServer:631</path> once CUPS is running.
749 swift 1.1 </p>
750    
751     <pre caption="Install the printer via command line">
752     # <i>lpadmin -p HPDeskJet930C -E -v usb:/dev/ultp0 -m HP-DeskJet_930C-hpijs.ppd</i>
753     </pre>
754    
755     <p>
756 swift 1.3 Remember to adjust to what you have. Be sure to have the name
757     (<c>-p</c> argument) right (the name you set above during the Samba
758     configuration!) and to put in the correct <c>usb:/dev/usb/blah</c>,
759     <c>parallel:/dev/blah</c> or whatever device you are using for your
760     printer.
761 swift 1.1 </p>
762    
763     <p>
764 swift 1.3 You should now be able to access the printer from the web interface
765     and be able to print a test page.
766 swift 1.1 </p>
767    
768     </body>
769     </section>
770     <section>
771     <title>Installing the Windows printer drivers</title>
772     <body>
773    
774     <p>
775     Now that the printer should be working it is time to install the drivers
776     for the Windows clients to work. Samba 2.2 introduced this functionality.
777     Browsing to the print server in the Network Neighbourhood, right-clicking
778     on the printershare and selecting "connect" downloads the appropriate
779     drivers automagically to the connecting client, avoiding the hassle of
780     manually installing printer drivers locally.
781     </p>
782    
783     <p>
784     There are two sets of printer drivers for this. First, the Adobe PS
785     drivers which can be obtained from <uri
786     link="http://www.adobe.com/support/downloads/main.html">Adobe</uri>
787     (PostScript printer drivers). Second, there are the CUPS PS drivers,
788     to be obtained from <uri link="http://www.cups.org/software.php">the
789     CUPS homepage</uri> and selecting "CUPS Driver for Windows" from the
790     pull down menu. There doesn't seem to be a difference between the
791     functionality of the two, but the Adobe PS drivers need to be extracted
792     on a Windows System since it's a Windows binary. Also the whole procedure
793     of finding and copying the correct files is a bit more hassle. The CUPS
794     drivers seem to support some options the Adobe drivers don't.
795     </p>
796    
797     <p>
798     This HOWTO uses the CUPS drivers for Windows. The downloaded file is
799     called <path>cups-samba-5.0rc2.tar.gz</path>. Extract the files
800     contained into a directory.
801     </p>
802    
803     <pre caption="Extract the drivers and run the install">
804     # <i>tar -xzf cups-samba-5.0rc2.tar.gz</i>
805     # <i>cd cups-samba-5.0rc2</i>
806     <comment>(Only use this script if CUPS resides in /usr/share/cups)</comment>
807     # <i>./cups-samba.install</i>
808     </pre>
809    
810     <p>
811 swift 1.3 <path>cups-samba.ss</path> is a TAR archive containing three files:
812     <path>cups5.hlp</path>, <path>cupsdrvr5.dll</path> and
813     <path>cupsui5.dll</path>. These are the actual driver files.
814 swift 1.1 </p>
815    
816     <warn>
817 swift 1.3 The script <c>cups-samba.install</c> may not work for all *nixes (ie FreeBSD)
818 swift 1.1 because almost everything which is not part of the base system is
819     installed somewhere under the prefix <path>/usr/local/</path>. This
820     seems not to be the case for most things you install under GNU/Linux.
821     However, if your CUPS installation is somewhere other than
822 swift 1.3 <path>/usr/share/cups/</path> see the example below.
823 swift 1.1 </warn>
824    
825     <p>
826     Suppose your CUPS installation resides under
827     <path>/usr/local/share/cups/</path>, and you want to install the drivers there.
828     Do the following:
829     </p>
830    
831     <pre caption="Manually installing the drivers">
832     # <i>cd /path/you/extracted/the/CUPS-driver/tarball/into</i>
833     # <i>tar -xf cups-samba.ss</i>
834     <comment>(This extracts the files to usr/share/cups/drivers under the CURRENT WORKING DIRECTORY)</comment>
835     # <i>cd usr/share/cups/drivers</i>
836     <comment>(no leading / !)</comment>
837     # <i>cp cups* /usr/local/share/cups/drivers</i>
838     </pre>
839    
840     <p>
841     Now we'll use the script <c>cupsaddsmb</c> provided by the CUPS
842     distribution. It's man page is an interesting read.
843     </p>
844    
845     <pre caption="Run cupsaddsmb">
846     # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -v HPDeskJet930C</i>
847     <comment>(Instead of HPDeskJet930C you could also specify "-a", which will
848     "export all known printers".)</comment>
849     # <i>cupsaddsmb -H PrintServer -U root -h PrintServer -a</i>
850     </pre>
851    
852     <warn>
853     The execution of this command often causes the most trouble.
854     Reading through the <uri
855 cam 1.4 link="http://forums.gentoo.org/viewtopic.php?t=110931">posts in this
856 swift 1.1 thread</uri>.
857     </warn>
858    
859     <p>
860     Here are common errors that may happen:
861     </p>
862    
863     <ul>
864     <li>
865 swift 1.3 The hostname given as a parameter for <c>-h</c> and <c>-H</c>
866     (<c>PrintServer</c>) often does not resolve correctly and doesn't
867     identify the print server for CUPS/Samba interaction. If an error
868     like: <b>Warning: No PPD file for printer "CUPS_PRINTER_NAME" -
869     skipping!</b> occurs, the first thing you should do is substitute
870     <c>PrintServer</c> with <c>localhost</c> and try it again.
871 swift 1.1 </li>
872     <li>
873     The command fails with an <b>NT_STATUS_UNSUCCESSFUL</b>. This error message
874     is quite common, but can be triggered by many problems. It's unfortunately
875 swift 1.3 not very helpful. One thing to try is to temporarily set <c>security =
876     user</c> in your <path>smb.conf</path>. After/if the installation completes
877 swift 1.1 successfully, you should set it back to share, or whatever it was set to
878     before.
879     </li>
880     </ul>
881    
882     <p>
883     This should install the correct driver directory structure under
884     <path>/etc/samba/printer</path>. That would be
885     <path>/etc/samba/printer/W32X86/2/</path>. The files contained should
886     be the 3 driver files and the PPD file, renamed to YourPrinterName.ppd
887     (the name which you gave the printer when installing it (see above).
888     </p>
889    
890     <p>
891     Pending no errors or other complications, your drivers are now
892     installed.
893     </p>
894    
895     </body>
896     </section>
897     <section>
898     <title>Finalizing our setup</title>
899     <body>
900    
901     <p>
902     Lastly, setup our directories.
903     </p>
904    
905     <pre caption="Final changes needed">
906     # <i>mkdir /home/samba</i>
907     # <i>mkdir /home/samba/public</i>
908     # <i>chmod 755 /home/samba</i>
909     # <i>chmod 755 /home/samba/public</i>
910     </pre>
911    
912     </body>
913     </section>
914     <section>
915     <title>Testing our Samba configuration</title>
916     <body>
917    
918     <p>
919     We will want to test our configuration file to ensure that it is formatted
920     properly and all of our options have at least the correct syntax. To do
921     this we run <c>testparm</c>.
922     </p>
923    
924     <pre caption="Running the testparm">
925     <comment>(By default, testparm checks /etc/samba/smb.conf)</comment>
926     # <i>/usr/bin/testparm</i>
927     Load smb config files from /etc/samba/smb.conf
928     Processing section &quot;[printers]&quot;
929     Global parameter guest account found in service section!
930     Processing section &quot;[public]&quot;
931     Global parameter guest account found in service section!
932     Loaded services file OK.
933     Server role: ROLE_STANDALONE
934     Press enter to see a dump of your service definitions
935     ...
936     ...
937     </pre>
938    
939     </body>
940     </section>
941     <section>
942     <title>Starting the Samba service</title>
943     <body>
944    
945     <p>
946     Now configure Samba to start at bootup; then go ahead and start it.
947     </p>
948    
949     <pre caption="Setting up the Samba service">
950     # <i>rc-update add samba default</i>
951     # <i>/etc/init.d/samba start</i>
952     </pre>
953    
954     </body>
955     </section>
956     <section>
957     <title>Checking our services</title>
958     <body>
959    
960     <p>
961     It would probably be prudent to check our logs at this time also.
962     We will also want to take a peak at our Samba shares using
963     <c>smbclient</c>.
964     </p>
965    
966     <pre caption="Checking the shares with smbclient">
967     # <i>smbclient -L localhost</i>
968     Password:
969     <comment>(You should see a BIG list of services here.)</comment>
970     </pre>
971    
972     </body>
973     </section>
974     </chapter>
975 neysx 1.5
976 swift 1.1 <chapter>
977     <title>Configuration of the Clients</title>
978     <section>
979     <title>Printer configuration of *nix based clients</title>
980     <body>
981    
982     <p>
983 neysx 1.11 Despite the variation or distribution, the only thing needed is CUPS. Do the
984     equivalent on any other UNIX/Linux/BSD client.
985 swift 1.1 </p>
986    
987 neysx 1.5 <pre caption="Configuring a Gentoo system">
988 swift 1.1 # <i>emerge cups</i>
989 neysx 1.11 # <i>nano -w /etc/cups/client.conf</i>
990     ServerName <i>PrintServer</i> <comment># your printserver name</comment>
991 swift 1.1 </pre>
992    
993     <p>
994 neysx 1.11 That should be it. Nothing else will be needed.
995 swift 1.1 </p>
996    
997     <p>
998 neysx 1.11 If you use only one printer, it will be your default printer. If your print
999     server manages several printers, your administrator will have defined a default
1000     printer on the server. If you want to define a different default printer for
1001     yourself, use the <c>lpoptions</c> command.
1002 swift 1.1 </p>
1003    
1004 neysx 1.11 <pre caption="Setting your default printer">
1005     <comment>(List available printers)</comment>
1006     # <i>lpstat -a</i>
1007     <comment>(Sample output, yours will differ)</comment>
1008     HPDeskJet930C accepting requests since Jan 01 00:00
1009     laser accepting requests since Jan 01 00:00
1010     <comment>(Define HPDeskJet930C as your default printer)</comment>
1011     # <i>lpoptions -d HPDeskJet930C</i>
1012 swift 1.1 </pre>
1013    
1014 neysx 1.11 <pre caption="Printing in *nix">
1015     <comment>(Specify the printer to be used)</comment>
1016     # <i>lp -d HPDeskJet930C anything.txt</i>
1017     <comment>(Use your default printer)</comment>
1018     # <i>lp foobar.whatever.ps</i>
1019 swift 1.1 </pre>
1020    
1021     <p>
1022 neysx 1.11 Just point your web browser to <c>http://printserver:631</c> on the client if
1023     you want to manage your printers and their jobs with a nice web interface.
1024     Replace <c>printserver</c> with the name of the <e>machine</e> that acts as
1025     your print server, not the name you gave to the cups print server if you used
1026     different names.
1027 swift 1.1 </p>
1028    
1029     </body>
1030     </section>
1031     <section>
1032     <title>Mounting a Windows or Samba share in GNU/Linux</title>
1033     <body>
1034    
1035     <p>
1036 neysx 1.5 Now is time to configure our kernel to support smbfs. Since I'm assumming we've
1037     all compiled at least one kernel, we'll need to make sure we have all the right
1038     options selected in our kernel. For simplicity sake, make it a module for ease
1039     of use. It is the author's opinion that kernel modules are a good thing and
1040     should be used whenever possible.
1041 swift 1.1 </p>
1042    
1043     <pre caption="Relevant kernel options" >
1044     CONFIG_SMB_FS=m
1045     CONFIG_SMB_UNIX=y
1046     </pre>
1047    
1048     <p>
1049     Then make the module/install it; insert them with:
1050     </p>
1051    
1052     <pre caption="Loading the kernel module">
1053     # <i>modprobe smbfs</i>
1054     </pre>
1055    
1056     <p>
1057     Once the modules is loaded, mounting a Windows or Samba share is
1058     possible. Use <c>mount</c> to accomplish this, as detailed below:
1059     </p>
1060    
1061     <pre caption="Mounting a Windows/Samba share">
1062     <comment>(The syntax for mounting a Windows/Samba share is:
1063     mount -t smbfs [-o username=xxx,password=xxx] //server/share /mnt/point
1064     If we are not using passwords or a password is not needed)</comment>
1065    
1066     # <i>mount -t smbfs //PrintServer/public /mnt/public</i>
1067    
1068     <comment>(If a password is needed)</comment>
1069     # <i>mount -t smbfs -o username=USERNAME,password=PASSWORD //PrintServer/public /mnt/public</i>
1070     </pre>
1071    
1072     <p>
1073     After you mount the share, you would access it as if it were a local
1074     drive.
1075     </p>
1076    
1077     </body>
1078     </section>
1079     <section>
1080     <title>Printer Configuration for Windows NT/2000/XP clients</title>
1081     <body>
1082    
1083     <p>
1084 swift 1.3 That's just a bit of point-and-click. Browse to
1085     <path>\\PrintServer</path> and right click on the printer
1086     (HPDeskJet930C) and click connect. This will download the drivers to
1087     the Windows client and now every application (such as Word or Acrobat)
1088     will offer HPDeskJet930C as an available printer to print to. :-)
1089 swift 1.1 </p>
1090    
1091     </body>
1092     </section>
1093     </chapter>
1094 neysx 1.5
1095 swift 1.1 <chapter>
1096     <title>Final Notes</title>
1097     <section>
1098     <title>A Fond Farewell</title>
1099     <body>
1100    
1101     <p>
1102     Well that should be it. You should now have a successful printing enviroment
1103     that is friendly to both Windows and *nix as well as a fully virus-free working
1104     share!
1105     </p>
1106    
1107     </body>
1108     </section>
1109     </chapter>
1110 neysx 1.5
1111 swift 1.1 <chapter>
1112     <title>Links and Resources</title>
1113     <section>
1114     <title>Links</title>
1115     <body>
1116    
1117     <p>
1118     These are some links that may help you in setting up, configuration and
1119     troubleshooting your installation:
1120     </p>
1121    
1122     <ul>
1123     <li><uri link="http://www.cups.org/">CUPS Homepage</uri></li>
1124     <li><uri link="http://www.samba.org/">Samba Homepage</uri></li>
1125     <li><uri link="http://linuxprinting.org/">LinuxPrinting dot Org</uri></li>
1126     <li>
1127     <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/">Kurt
1128     Pfeifle's Samba Print HOWTO</uri> (
1129     This HOWTO really covers <e>ANYTHING</e> and <e>EVERYTHING</e>
1130     I've written here, plus a LOT more concerning CUPS and Samba, and
1131     generally printing support on networks. A really interesting read,
1132     with lots and lots of details)
1133     </li>
1134     <li><uri link="http://www.freebsddiary.org/cups.php">FreeBSD Diary's CUPS Topic</uri></li>
1135     </ul>
1136    
1137     </body>
1138     </section>
1139     <section>
1140     <title>Troubleshooting</title>
1141     <body>
1142    
1143     <p>
1144     See <uri link="http://www.linuxprinting.org/kpfeifle/SambaPrintHOWTO/Samba-HOWTO-Collection-3.0-PrintingChapter-11th-draft.html#37">this
1145     page</uri> from Kurt Pfeifle's "Printing Support in Samba 3.0"
1146     manual. Lots of useful tips there! Be sure to look this one up
1147     first, before posting questions and problems! Maybe the solution
1148     you're looking for is right there.
1149     </p>
1150    
1151     </body>
1152     </section>
1153     </chapter>
1154     </guide>

  ViewVC Help
Powered by ViewVC 1.1.20